Latest news of the domain name industry

Recent Posts

Donuts says DPML now covers “millions” of trademark variants as price rockets again

Kevin Murphy, October 1, 2018, Domain Registrars

Donuts has added more than a third to the price of its Domain Protected Marks List service, as it adds a new feature it says vastly increases the number of domains trademark owners can block.

The company has added homograph attack protection to DPML, so trademark-owning worrywarts can block variations of their brand that contain confusing non-Latin characters in addition to all the domain variants DPML already takes out of the available pool.

An example of a homograph, offered by Donuts, would be the domain xn--ggle-0nda.com, which can display as “gοοgle.com” and which contains two Cyrillic o-looking characters but is pretty much indistinguishable from “google.com”.

Donuts reckons this could mean “millions” of domains could be blocked, potentially preventing all kinds of phishing attacks, but one suspects the actual number per customer rather depends on how many potentially confusable Latin characters appear in the brands they want to protect.

DPML is a block service that prevents others from registering domains matching or closely matching customers’ trademarks. Previous additions to the service have included typo protection.

The new feature supports Cyrillic and Greek scripts, the two that Donuts says most homograph attacks use.

The company explained it to its registrars like this:

The Donuts system will analyze the content of each SLD identified in a DPML subscription, breaking it down to its individual characters. Each character is then “spun” against Unicode’s list of confusable characters and replaced with all viable IDN “glyphs” supported by Donuts TLDs. This spinning results in potentially millions of IDN permutations of a brand’s trademark which may be considered easily confusable to an end user. Each permutation is then blocked (removed from generally available inventory) just like other DPML labels, meaning it can only be registered via an “Override” by a party holding a trademark on the same label.

While this feature comes at no additional cost, Donuts is increasing its prices from January 1, the second big increase since DPML went live five years ago.

Donuts declined to disclose its wholesale price when asked, but I’ve seen registrars today disclose new pricing of $6,000 to $6,600 for a five-year block.

That compares to retail pricing in the $2,500 to $3,000 range back in 2013.

Hexonet said it will now charge its top-flight resellers $6,426 per create, compared to the $4,400 it started charging when DPML prices last went up at the start of last year. OpenProvider has also added two grand to its prices.

Donuts said the price increase also reflects the growth of its portfolio of gTLDs over the last few years. It now has 241, 25% more than at the last price increase.

Nominet to charge brands for no-name Whois access

Kevin Murphy, April 23, 2018, Domain Registries

Nominet has become the second major registry to announce that trademark lawyers will have to pay for Whois after the EU General Data Protection Regulation comes into effect next month.

The company said late last week that it will offer the intellectual property community two tiers of Whois access.

First, they can pay for a searchable Whois with a much more limited output.

Nominet said that “users of the existing Searchable WHOIS who are not law enforcement will continue to have access to the service on a charged-for basis however the registrant name and address will be redacted”.

Second, they can request the full Whois record (including historical data) for a specific domain and get a response within one business day for no charge.

Approved law enforcement agencies will continue to get unfettered access to both services — with “enhanced output” for the searchable Whois — for no charge, Nominet said.

These changes were decided upon following a month-long consultation which accepted comments from interested parties.

Other significant changes incoming include:

  • Scrapping UK-presence requirements for second-level registrations.
  • Doing away with the current privacy services framework, offloading GDPR liability to registrars providing such services.
  • Creating a standard opt-in mechanism for registrants who wish for their personal data to be disclosed in public Whois.

Nominet is the second registry I’m aware of to say it will charge brand owners for Whois access, after CoCCA 10 days ago.

CoCCA has since stated that it will sell IP owners a PDF containing the entire unredacted Whois history of a domain for $3, if they declare that they have a legitimate interest in the domain.

It also said they will be able to buy zone file access to the dozens of TLDs running on the CoCCA platform for $88 per TLD.

Famous Four following .sucks playbook with premium pricing for brands?

New gTLD registry Famous Four Media has slapped general availability prices of $500 and up on domain names matching famous brands.

The company plans to shortly introduce eight “premium” pricing tiers, ranging from $200 a year to $10,000 a year.

The first to launch, on July 8, will be its “brand protection tier”, which will carry a $498 registry fee.

Famous Four told its registrars that the tier “will provide an additional deterrent to cyber-squatters for well-known brands ensuring that domain names in this tier will not be eligible for price promotions”.

The gTLDs .date, .faith and .review will be first to use the tiered pricing structure.

It’s not entirely clear what brands will be a part of the $498 tier, or how the registry has compiled its list, but registrars have been given the ability to ask for their clients’ trademarks to be included.

I asked Famous Four for clarification a few days ago but have not yet had a response.

While other registries, such as Donuts, used tiered pricing for GA domains, I’m only aware of one other that puts premium prices on brands: .sucks.

Vox Populi has a trademark-heavy list of .sucks domains it calls Market Premium — formerly Sunrise Premium — that carry a $1,999-a-year registry fee.

Unlike Vox Pop, Famous Four does not appear to be planning a subsidy that would make brand-match domains available at much cheaper prices to third parties.

Famous Four’s gTLDs have seen huge growth in the last month or two, largely because it’s been selling domains at a loss.

.science, for example, has over 300,000 registrations — making it the third-largest new gTLD — because Famous Four’s registry fee has been discounted to just $0.25 from May to July.

The same discount applies to .party (over 195,000 names in its zone) and .webcam (over 60,000).

Those three gTLDs account for exactly half of the over 22,000 spam attacks that used new gTLD domains in March and April, according to Architelos’ latest abuse report.

With names available at such cheap prices, it would not be surprising if cybersquatters are abusing these gTLDs as much as the spammers.

Will intellectual property owners believe a $498+ reg fee is a useful deterrent to cybersquatting?

Or will they look upon this move as “predatory”, as they did with .sucks?

Only 2% of phishing attacks use cybersquatted domain names

Kevin Murphy, October 25, 2012, Domain Registries

The number of cybersquatted domain names being used for phishing is falling sharply and currently stands at just 2% of attacks, according to the Anti-Phishing Working Group.

The APWG’s first-half 2012 report (pdf) identified 64,204 phishing domains in total.

Of those, the group believes that only 7,712 (12%) were actually registered by the phishers themselves. The rest belonged to innocent third parties and had been compromised.

That’s a steep drop from 12,895 domains in the second half of 2011 and 14,650 in the first half of 2011.

Of the 7,712 phisher-owned domains, about 66% were being use to phish Chinese targets, according to the APWG.

The group’s research found only 1,350 that contained a brand name or a misspelling of a brand name.

That’s down from 2,232 domains in the second-half of 2011, representing just 2% of all phishing domains and 17% of phisher-owned domains.

The report states:

Most maliciously registered domain strings offered nothing to confuse a potential victim. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names.

As we have observed in the past, the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do.

Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.

Taken as a percentage of attacks, brand-jacking is clearly a pretty low-occurrence offence, according to the APWG’s numbers.

In absolute numbers, it works out to about 7.5 domain names per day that are being use to phish and contain a variation of the brand name being targeted.

Unsurprisingly, the APWG found that Freedom Registry’s .tk — which offers free registration — is the TLD being abused most often to register domains for phishing attacks.

More than half of the phisher-owned domains were in .tk, according to the report.

Stop the nonsense about TLD-squatting

Kevin Murphy, January 19, 2012, Domain Policy

Barely a day has passed recently without a news report about how companies are being forced to apply for new top-level domains to prevent cybersquatters moving in on their brands.

It’s complete nonsense, of course, brought about by a lack of basic research coupled with years of bad feeling towards the domain name industry and an ICANN new gTLDs outreach campaign that spent six months failing to effectively tackle widely held misconceptions.

Cybersquatters are not going to apply for new gTLDs. If they do, they won’t be approved.

Unfortunately, this does not mean that we’re not going to see lots of “defensive” new gTLD applications.

Due to the way the program is structured, it may actually make strategic sense for some companies to apply for a dot-brand gTLD even if they are otherwise pretty clueless about domain names.

It worries me to think that a few years from now the TLD space – which is currently running at almost 100% utilization – will start to resemble the second level in pretty much every major TLD, with lots of essentially unused, redundant defensive domain names.

I don’t think this will be good for the domain name industry or ICANN.

That said, what looks good for ICANN and the domain name industry is of little concern to brand owners – they just want to make sure their brands are not damaged by the program.

I’ve written a 4,500-word paper analyzing the actual need for companies to file “defensive” gTLD applications, which is now available to DomainIncite PRO subscribers.

  • Page 1 of 2
  • 1
  • 2
  • >